x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest

Expose the CPUID.7.EDX[31] bit to the guest, and also guard against various
combinations of SPEC_CTRL MSR values.

The handling of the MSR (to take into account the host value of SPEC_CTRL
Bit(2)) is taken care of in patch:

  KVM/SVM/VMX/x86/spectre_v2: Support the combination of guest and host IBRS

OraBug: 28041771
CVE: CVE-2018-3639

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
(cherry picked from commit da39556f66f5cfe8f9c989206974f1cb16ca5d7c)
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com>
 Conflicts:
	arch/x86/kvm/cpuid.c
	arch/x86/kvm/vmx.c

Signed-off-by: Brian Maly <brian.maly@oracle.com>

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 099bc7a57018c1dbc28c16946c24560da72c0189..1e3e2eb4b1e51dad5adcb534f96218e42703b857 100644 (file)
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -61,6 +61,7 @@ u64 kvm_supported_xcr0(void)
 /* These are scattered features in cpufeatures.h. */
 #define KVM_CPUID_BIT_IBRS             26
 #define KVM_CPUID_BIT_STIBP            27
+#define KVM_CPUID_BIT_RDS              31
 
 
 /* CPUID[eax=0x80000008].ebx */
@@ -364,7 +365,8 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
        const u32 kvm_supported_word10_x86_features =
                F(XSAVEOPT) | F(XSAVEC) | F(XGETBV1) | f_xsaves;
 
-       const u32 kvm_cpuid_7_0_edx_x86_features = KF(IBRS) | KF(STIBP);
+       const u32 kvm_cpuid_7_0_edx_x86_features = KF(IBRS) | KF(STIBP) |
+               KF(RDS);
 
        /* cpuid 0x80000008.ebx */
        const u32 kvm_cpuid_80000008_ebx_x86_features =
@@ -444,9 +446,11 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
                        entry->edx &= kvm_cpuid_7_0_edx_x86_features;
                        /* Aka !ibrs_supported and !ibpb_supported */
                        if ( !boot_cpu_has(X86_FEATURE_IBRS) )
-                               entry->edx &= !(1u << KVM_CPUID_BIT_IBRS);
+                               entry->edx &= ~(1u << KVM_CPUID_BIT_IBRS);
                        if ( !boot_cpu_has(X86_FEATURE_STIBP) )
-                               entry->edx &= !(1u << KVM_CPUID_BIT_STIBP);
+                               entry->edx &= ~(1u << KVM_CPUID_BIT_STIBP);
+                       if ( !boot_cpu_has(X86_FEATURE_RDS) )
+                               entry->edx &= ~(1u << KVM_CPUID_BIT_RDS);
                } else {
                        entry->ebx = 0;
                        entry->edx = 0;